漏洞描述
【漏洞对象】Jira 【涉及版本】受影响版本<8.3.2 【漏洞描述】AtlassianJira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira8.3.2之前版本中的/rest/issueNav/1/issueTable资源存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。
Jira 用户名可枚举漏洞(CVE-2019-8446)
PoC代码
暂无相关漏洞推荐
- CVE-2019-8449: Jira Information Disclosure
- POC CVE-2007-0885: Jira Rainbow.Zen - Cross-Site Scripting
- POC CVE-2017-9506: Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
- POC CVE-2018-20824: Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
- POC CVE-2018-5230: Atlassian Jira Confluence - Cross-Site Scripting
- POC CVE-2019-11581: Atlassian Jira Server-Side Template Injection
- POC CVE-2019-3401: Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
- POC CVE-2019-3402: Jira < 8.1.1 - Cross-Site Scripting
- POC CVE-2019-3403: Jira - Incorrect Authorization
- POC CVE-2019-8442: Jira - Local File Inclusion
- POC CVE-2019-8446: Jira Improper Authorization
- POC CVE-2019-8449: Jira <8.4.0 - Information Disclosure
- POC CVE-2019-8451: Jira <8.4.0 - Server-Side Request Forgery